Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-30157

Опубликовано: 22 мар. 2021
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

In mediawiki package on ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are outputted in HTML unescaped, which could leading to Cross-site Scripting (XSS).

Отчет

The mediawiki package was removed from OpenShift Container Platform (OCP) in version 4.3, therefore for OCP 4 has been marked as out of support scope.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11mediawikiWill not fix
Red Hat OpenShift Container Platform 4mediawikiOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1946692mediawiki: XSS due to unescaped messages used in HTML on ChangesList pages

EPSS

Процентиль: 77%
0.01006
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-30157

CVSS3: 6.1
ubuntu
почти 5 лет назад

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

nvd логотип

CVE-2021-30157

CVSS3: 6.1
nvd
почти 5 лет назад

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

debian логотип

CVE-2021-30157

CVSS3: 6.1
debian
почти 5 лет назад

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...

github логотип

GHSA-5586-f3jq-cmhq

github
больше 3 лет назад

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS.

fstec логотип

BDU:2021-03171

CVSS3: 6.1
fstec
почти 5 лет назад

Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовый скриптинг

EPSS

Процентиль: 77%
0.01006
Низкий

6.1 Medium

CVSS3